Add and update users with LDAP Just-In-Time provisioning
Just-In-Time (JIT) provisioning enables automatic user account creation in Okta the first time a user authenticates with Lightweight Directory Access Protocol (LDAP) delegated authentication.
JIT account creation and activation only works for users who are not already Okta users. This means that users who are confirmed on the import results page, regardless of whether or not they were subsequently activated, are not eligible for JIT activation. When JIT is enabled, users do not receive activation emails.
For JIT provisioning, delegated authentication must be enabled. If delegated authentication is not enabled, Okta user accounts can only be created using bulk import.
When JIT is enabled for your org and delegated authentication is selected for your LDAP integration, JIT is used to create user profiles and import user data.
- In the Admin Console, go to Directory > Directory Integrations.
- Click LDAP and then click the Provisioning tab.
- Click To Okta in the Settings list.
- Click Edit in the General area.
- Select the Create and update users on login check box next to JIT provisioning.
- Scroll down and click Save.